Some fixes/changes to EntropiaWiki

Darkaruki

After a long wait, I've been granted Trusted User as well as Admin privileges for EntropiaWiki!

In the past year I have been doing a massive amount of editing and have taken note of various bugs and things which should be changed with EntropiaWiki, many of which I'll now be able to do.

I'll be posting changes to the website that I make here to let people know of them since some chart/column/site modifications cannot be found on the "Latest Updates" page of EntropiaWiki, and because I'm certain there are some people who would want to know about some of them.

Many thanks again to Joda and Linzey for continuing to host and maintain the site even though they are quite busy people, and thanks to Hijacker for reminding Joda to grant me privileges :laugh:
 
I've requested as well that Haruto Rat be granted Trusted User privileges, as he is a very active contributor and has helped me many times in figuring things out when I ran into problems.

The request was granted, well deserved. :thumbup:
 
Previously Creature Control Capsules could not be added to the Creature Loots table, meaning they could not be added to loot charts.

Another issue with Creature Control Capsules was that there could not be more than one Creature Control Capsule per creature, even though there are multiple instances of this in the game.

Yet another issue was with the viewability of info pages for Creature Control Capsules, which was partially broken.


These issues have been resolved, Creature Control Capsules can now be added to loot tables, there can now be multiple Creature Control Capsule entries under the same Creature, and Creature Control Capsule info pages are fully usable. :thumbup:
 
The "Creature Loots" chart is now being sorted by "Last VU" by default instead of being sorted alphabetically, meaning that when you open up a creature's page and scroll down to the creature's loot table it will display to you the loots which have most recently been reported to have looted from that creature, as opposed to showing you some random items most of the time.

This should make viewing and updating loot tables a lot simpler for users. :thumbup:
 
Many charts had extremely outdated and inaccurate EntropiaBay/PEAuction info, despite both websites being defunct for several years, one of them linking to an ad redirector and the other linking to a warning page from Google.

Charts are no longer attempting to fetch information from EntropiaBay/PEAuction and no longer display the outdated information fetched from them years ago.

Users who are interested in contributing can input Markup values for applicable items which, as always, will be shown on the item's page as a "User Value" along with the date at which the edit was made.
 
Nice work :cool:

Yup working now.
 
Was going to look for it, but atm I get the:
Oops... something went wrong


When trying the weapons, or creatures page, prolly rest too, not sure.

Edit:
yup same on other things.

Some things being worked on at the moment, should work now.
 
In the Scanners chart the "Scans/sec" parameter calculated its value by "60/Uses" instead of "Uses/60" resulting in inaccurate values, this has been fixed.

On the "All Charts" page the header at the top said "Entropedia", which has been changed to "EntropiaWiki" and the bottom had a blip about EntropiaBay/PEAuction which has been removed.

For the "Personal Effects" chart, the maximum number of "Effects" was 7, despite Halloween Ring 2017 having 8 and Christmas Ring 2016 having 10, the maximum number of Effects that can be added has been increased accordingly to 10.
 
Many charts had extremely outdated and inaccurate EntropiaBay/PEAuction info, despite both websites being defunct for several years, one of them linking to an ad redirector and the other linking to a warning page from Google.

Charts are no longer attempting to fetch information from EntropiaBay/PEAuction and no longer display the outdated information fetched from them years ago.

Users who are interested in contributing can input Markup values for applicable items which, as always, will be shown on the item's page as a "User Value" along with the date at which the edit was made.

As far as I know PEAuction caught the data from the Expiring Auctions Page, is it possible to make that work somehow to automatically fetch the MU data for the wiki?

It's not 100% accurate as BO don't show up there, but better than nothing.
 
In the weapon compare tool you can't add enhancers to mindforce chips, is that something you can fix also?
 
Several 'gift' items not listed on the site for a few years now...

A couple of threads that may be useful if you want to add a few items:
https://www.planetcalypsoforum.com/...Xmas-Item(s)&p=3580714&viewfull=1#post3580714 (links to talenthouse and neverdie's blog there may be useful in helping with descriptions)

https://www.planetcalypsoforum.com/...68-Gift-List&p=3326969&viewfull=1#post3326969
has a pretty good listing of when the gifts came out over the years... it may be missing a thing or three..

Think there may be some outdated stuff on the wiki in regard to a couple of the lesser used planets too, but can't remember the details at the moment. Might be interesting to have historical maps, etc. to show changes of the virtual universe over time...

If you ever go that route Falco's old maps may be of some use... (as may some old info in entropiaplanet's wiki that never got updated too often)

(as may some of the crap I've posted in the link list over time, especially the old magazines, links to different stuff in the artwork section, and lots of other various things, some of which are on sites that are slowly going to die or servers that may not exist in the not too distant future)

As for the buffs, may want to up that count to 18. Not sure anyone's ever actually had that many active or any item has allowed that many, but since the system potentially can allow it, it won't hurt to have the option for future changes down the road. Between several items I know I've personally had one and a half rows of buffs (11) active between several pills, auto buffs, etc., which makes me think the full second row can light up potentially, and knowing Mindark there will someday be one item that allows all of both rows to light up at the same time...
 
Thank you Darkaruki for taking on this project! It's much appreciated.

"You must spread some Reputation around before giving it to Darkaruki again."

Dirk
 
As far as I know PEAuction caught the data from the Expiring Auctions Page, is it possible to make that work somehow to automatically fetch the MU data for the wiki?

It's not 100% accurate as BO don't show up there, but better than nothing.

If somebody wants to start up and dedicate resources to a new service that does this it could maybe be implemented, if you ask me MA should honestly really just revamp their auction house and provide an API, until then the only options we have for getting auction house info are not very useful and/or very resource intensive.

In the weapon compare tool you can't add enhancers to mindforce chips, is that something you can fix also?

I'll have this looked into

Several 'gift' items not listed on the site for a few years now...

I've added a few of these that I've stumbled across at random, it's not very high priority, but those are contributions any user can make if they wish to.

Think there may be some outdated stuff on the wiki in regard to a couple of the lesser used planets too, but can't remember the details at the moment.

There's outdated/missing stuff on the wiki in regard to all of the planets, I do my best to contribute as much as I can, but I haven't even left Calypso so I'm not really able to contribute very much in regards to other planets.

With that said, this is information any user can contribute to the wiki if they wish to.

As for the buffs, may want to up that count to 18. Not sure anyone's ever actually had that many active or any item has allowed that many, but since the system potentially can allow it, it won't hurt to have the option for future changes down the road.

The Personal Effects chart is for listing items which grant buffs such as rings, pills, fireworks, etc, at the moment the item with the most effects is 10, and I would be surprised to see them release an item with more effects than that but if that happens more spots for listing effects can always be added.
 
Great job! Must spread rep etc...
 
The "Creature Loots" chart has been changed to have the "Drops" "Kills" and "Drop Rate" columns hidden by default, these columns display information automatically updated to EntropiaWiki by EU Hunter, a program which to my knowledge has been defunct for many years, so the fairly limited data provided by it is almost entirely no longer applicable.

Loot tables should be a bit more compact now as a result.

QQ9gpmm.png
 
If somebody wants to start up and dedicate resources to a new service that does this it could maybe be implemented, if you ask me MA should honestly really just revamp their auction house and provide an API, until then the only options we have for getting auction house info are not very useful and/or very resource intensive.

well since the info is available in the start client and in the smartphone app I'm guessing it can't be too hard to fetch.
I don't think MA will ever give anyone direct access to server data though... too exploitable
 
well since the info is available in the start client and in the smartphone app I'm guessing it can't be too hard to fetch.
I don't think MA will ever give anyone direct access to server data though... too exploitable

Yeah, I think something could be set up to fetch this information without needing too much resources, but at the same time it's not very useful info.

As far as giving direct access to server data, I think an API to get auction house info would not be exploitable at all as long as it was designed correctly, although I am aware it is MA we're talking about so they probably aren't very likely to make anything like this for lack of resources to do so, or misappropriation of resources into random side projects.
 
Previously armor sets had a hard time with adding up markup values or resistance values that had included decimal points (eg. 10.1) which resulted in long strings of number such as this:

I6Fy0Uw.png


This has now been fixed.

As mentioned by toad earlier in the thread, Enhancers previously could not be added to Mindforce weapons, this has been fixed, another problem was noticed where Scopes/Sights/etc could be added to Mindforce weapons, of course this is not possible, it has been fixed as well.

Another problem was the sidebar for Teleportation Chips was kind of squished up as a result of an overly long column name, the name has been shortened so this error is now resolved.

XjK5UZh.png
 
Yeah, I think something could be set up to fetch this information without needing too much resources, but at the same time it's not very useful info.

As far as giving direct access to server data, I think an API to get auction house info would not be exploitable at all as long as it was designed correctly, although I am aware it is MA we're talking about so they probably aren't very likely to make anything like this for lack of resources to do so, or misappropriation of resources into random side projects.

it would introduce a whole new security aspect to the backend servers... right now it's possible to go with an "accept all good" approach since all interaction is through the game interface, this is the safest way. But as soon as you expose the server to the outside then you can run the traffic through a proxy to modify the data and all kinds of fun.

I'm not saying it's impossible to do.. all I'm saying is that someone who's just curious might proxy your get request and instead post some injection script he's found online in a stack exchange forum and drops the entire db because MA apparently was running some unprotected relic server they thought no one would access

let's take a VERY simplified SQL example of how a simple search might look:
pretend under_score names are columns and tables and camelCase are variables from whatever search is made to the auction

SELECT * FROM calypso_action WHERE (item_name LIKE '%itemName%')

and your request looks something like: GET https://entropiaapi?itemName='bifrost'

This will of course generate a whole object with a shit ton of columns such as: name, dayli_markup,tt etc etc

by supplying " ')--" instead of "bifrost" we escape from the itemName value field and drop any other SQL used in the query that might cause our payload to crash.

as an example here's how you might bypass a simple login using the string " ' OR 1=1-- " as the "email":

SELECT * FROM users WHERE email='' OR 1=1--' AND password='123456';

the -- lets us skip anything behind it so now the email only has to match or if 1 = 1 is true (which it is) it will simply take the first user in the table and log you in.... (this is probably the admin too)

we can now try to UNION another table after our result, table and column names can be derived from sys.tables, sys.columns in something like MYSQL I think and sqlite_master from sqlite any way doesn't matter same shit.

from there we might be able to find all kinds of fun information, maybe we can register an avatar with SQL syntax so when she collects missions and her name is prompted it's delivered and injected in an UPDATE that's meant to update user progress but instead we can spawn items or update our pedbalance as long as we know the column names and avatar ID's.

It's a bag'o worms with a potential for big profits if it turns out to be exploitable and making it not exploitable like you said is probably too costly

the above examples are kindergarten level SQL injections fyi.... not saying they're using SQL I'm just looking at potential exploits and these were the ones I could come up with at the top of my mind

sorry for the long potato here's a post
 
1. API does not provide the possibility to request info through a pure SQL command.
2. API does not provide a raw answer, it is always serialized.
3. Informational APIs always use users that have access only to current database tables that have no user info or passwords.
4. API users have no rights to write to the database.
5. Even if you can access the database to take a password, it is hashed one way, that means basically if your password is not like "passwrod123", and is not contained in hacked password databases, it will be impossible to decrypt.
6. Mostly when making a web service or API, if you have to enter a value, it mostly will be checked for injection possibility. I do that always, that can be only possible if a person forgot by mistake.

//mg
 
1. API does not provide the possibility to request info through a pure SQL command.
2. API does not provide a raw answer, it is always serialized.
3. Informational APIs always use users that have access only to current database tables that have no user info or passwords.
4. API users have no rights to write to the database.
5. Even if you can access the database to take a password, it is hashed one way, that means basically if your password is not like "passwrod123", and is not contained in hacked password databases, it will be impossible to decrypt.
6. Mostly when making a web service or API, if you have to enter a value, it mostly will be checked for injection possibility. I do that always, that can be only possible if a person forgot by mistake.

//mg

1,2 error based/ blind injections can tell you enough if it's not protected even without errors

3 this can be bypassed

4 you couldn't really exploit the web API anyway but with enough information on the database layout you could have a second-order injection somewhere the game does run an update, this wouldn't be a user action but an involuntary system action

5 would it surprise you if MA use an unsalted MD5 hash ? Even when salted MD5 can be broken

last part on number 6.....people are retarded, injections have been the most prevalent, damaging vulnerability since forever pretty much and this is despite that everyone knows how it's done and that every platform has ready functions to escape and sanitize input making injections virtually impossible

It's not hard to make it safe, you could whitelist item names and reject all others, decode, escape and sanitize the input using dedicated platform tools. Use a modern salted hashing function. Then you could have regex on the frontend to disallow unsafe characters and set a limit on the requests you can make per minute just to spare the server from some lazy bruteforce attempt

but have you seen the bugs in eu :D? It makes me wonder how safe it would be if we exposed the servers.

tbh if I was an epic hacker with little morale and I saw a potential vulnerability I could definitely spend a year on the side probing EU in order to update the ped balance to some newly created user by a few millions before wiping or manipulating sys logs

Sorry for off topic Darkaruki I'm done, consider it a bump, keep up the good work, make entropiawiki great again, build a wall
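
The string-built search from the SQL discussion above, set beside the mitigations listed in the replies (bound parameters, an input allowlist, a database role limited to reading the auction table). This is an added example, not part of any forum post and not MindArk's code; the table, column and function names and the sample rows are constructed for illustration, and SQLite stands in for whatever database is actually used.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; schema names are assumptions for this example.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE calypso_auction (item_name TEXT, markup REAL);
        INSERT INTO calypso_auction VALUES ('bifrost', 112.5), ('opalo', 101.0);
        CREATE TABLE users (email TEXT, password_hash TEXT);
        INSERT INTO users VALUES ('admin@example.invalid', 'placeholder-hash');
    """)
    return db

def search_vulnerable(db, item_name):
    # Input is pasted into the SQL text, so a quote in it changes the query.
    sql = ("SELECT item_name, markup FROM calypso_auction "
           f"WHERE (item_name LIKE '%{item_name}%')")
    return db.execute(sql).fetchall()

def search_bound(db, item_name):
    # Bound parameter: the input is only ever data. LIKE wildcards are escaped
    # so '%' or '_' in the input cannot widen the match either.
    esc = (item_name.replace("\\", "\\\\")
                    .replace("%", "\\%").replace("_", "\\_"))
    sql = ("SELECT item_name, markup FROM calypso_auction "
           "WHERE item_name LIKE ? ESCAPE '\\'")
    return db.execute(sql, (f"%{esc}%",)).fetchall()

# Allowlist of characters and length accepted in an item name (assumed policy).
ITEM_NAME_RE = re.compile(r"[A-Za-z0-9 .()\-]{1,64}")

def handle_request(db, item_name):
    # Server-side validation first, then the bound query.
    if not ITEM_NAME_RE.fullmatch(item_name):
        raise ValueError("item name rejected")
    return search_bound(db, item_name)

def restrict_to_auction_reads(db):
    # Least privilege: this connection may only SELECT from calypso_auction.
    # Reads of other tables and every write are denied by the engine itself.
    def authorizer(action, arg1, arg2, dbname, source):
        if action in (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_FUNCTION):
            return sqlite3.SQLITE_OK
        if action == sqlite3.SQLITE_READ and arg1 == "calypso_auction":
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY
    db.set_authorizer(authorizer)

if __name__ == "__main__":
    db = make_db()
    print(search_vulnerable(db, "')--"))   # filter bypassed: every row returned
    print(search_bound(db, "')--"))        # treated as a literal: no rows
    restrict_to_auction_reads(db)
    print(handle_request(db, "bifrost"))
```

In a server database the authorizer's role is played by a dedicated account granted SELECT on the auction table and nothing else.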
 
I don't think anyone is denying that there is some potential for vulnerability and of course they would need to hire the right people who know what they are doing for this job, but if it is done correctly there could very easily be little to no potential for exploit, the proof for this is that there are many big products and popular games which handle sensitive information like EU and offer dev API for wide variety of purposes, there's no way it's impossible for them to hire a team to modernize the AH and develop an API which provides just basic information like what is on the auction house, who is bidding, and historical information.

If you ask me, this kind of update is long overdue considering that EU is largely meant to be an economy game, I'm sure there are lots of people who would grow more interested in the game if it offered a better experience there, although there are also many other aspects to this game that could be improved as well!

Anyways, I'm glad you appreciate the work and don't forget to thank Joda as well, he has been helping a lot with this too :)
 
I've made "Maturity" a visible column on the Creature Loots chart which should be helpful for mobs which have puny maturities, boss maturities, and other such cases where there are certain loots which can only be found from certain maturities. :)

Example: Berycled
hwSxXKW.png


I've also increased the maximum number of characters allowed for the "Requirements" column in the "Skills" chart to add some info contributed by Akbar regarding Scientist being possible to unlock via Gardener, Paramedic, Pet Handler.
 
Not sure if right place or has been mentioned but entropia tracker suite needs to be linked with entropiawiki now and not entropedia

Cheers
 
I've made "Maturity" a visible column on the Creature Loots chart which should be helpful for mobs which have puny maturities, boss maturities, and other such cases where there are certain loots which can only be found from certain maturities. :)

This seems like a good opportunity to remind the public that this column is supposed to indicate the lowest maturity capable of dropping the stuff in question.

Therefore, you only need one observation to lower it; but please do not raise it without a very good reason. TIA.
 
Info pages seem to have lost all links in the right side column (e.g. blueprints no more link to the crafted item). This makes it harder to find out "what is X used for?".
 
Info pages seem to have lost all links in the right side column (e.g. blueprints no more link to the crafted item). This makes it harder to find out "what is X used for?".

Noticed this as well, looking into it.

Also, good call on maturity info reporting, that is a good rule to go by.
 